PT-2019-9849 · Unknown · Driveragent

Published: 2019-01-03 · Updated: 2019-02-08 · CVE-2018-19523

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

DriverAgent version 2.2015.7.14

Description

The issue allows a user to send an IOCTL (0x80002068) with a user-defined buffer size. If the size of the buffer is less than 512 bytes, the driver will overwrite the next pool header if there is one next to the user buffer's pool.

Recommendations

For DriverAgent version 2.2015.7.14, as a temporary workaround, consider restricting the use of the IOCTL (0x80002068) until a patch is available. Avoid using buffer sizes less than 512 bytes in the affected IOCTL to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
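
Added example (not DriverAgent code and not part of the original advisory): a user-mode C model of the missing length check described above, showing the unchecked handler next to a hardened one. The arena layout, the HDR_MAGIC marker, the status codes, the function names and the assumption that the handler fills a fixed 512 bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define IOCTL_CODE   0x80002068u /* IOCTL named in the advisory */
#define REQUIRED_LEN 512u        /* size below which the advisory reports corruption */
#define HDR_MAGIC    0x4C4F4F50u /* constructed marker standing in for a pool header */
enum { ST_OK = 0, ST_BUFFER_TOO_SMALL = -1, ST_INVALID_REQUEST = -2 };

/* Constructed model: a caller-sized chunk followed directly by the next header. */
struct arena { uint8_t bytes[1024]; size_t chunk_len; };

static void arena_init(struct arena *a, size_t chunk_len) {
    uint32_t magic = HDR_MAGIC;
    memset(a->bytes, 0, sizeof a->bytes);
    a->chunk_len = chunk_len;                           /* caller-chosen size */
    memcpy(a->bytes + chunk_len, &magic, sizeof magic); /* neighbour's header */
}

static int next_header_intact(const struct arena *a) {
    uint32_t magic;
    memcpy(&magic, a->bytes + a->chunk_len, sizeof magic);
    return magic == HDR_MAGIC;
}

/* Flawed pattern (assumed): fills REQUIRED_LEN bytes whatever size was supplied. */
static int handle_unchecked(struct arena *a, uint32_t code) {
    if (code != IOCTL_CODE) return ST_INVALID_REQUEST;
    memset(a->bytes, 0x41, REQUIRED_LEN);
    return ST_OK;
}

/* Hardened pattern: validate the supplied length before touching the buffer. */
static int handle_checked(struct arena *a, uint32_t code) {
    if (code != IOCTL_CODE) return ST_INVALID_REQUEST;
    if (a->chunk_len < REQUIRED_LEN) return ST_BUFFER_TOO_SMALL;
    memset(a->bytes, 0x41, REQUIRED_LEN);
    return ST_OK;
}

int main(void) {
    struct arena a;
    arena_init(&a, 64);
    handle_unchecked(&a, IOCTL_CODE);
    int corrupted = !next_header_intact(&a);
    arena_init(&a, 64);
    int rejected = handle_checked(&a, IOCTL_CODE) == ST_BUFFER_TOO_SMALL;
    return (corrupted && rejected && next_header_intact(&a)) ? 0 : 1;
}
```

In a real driver the equivalent check is made against the buffer length reported in the I/O request before any write to the buffer.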

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-19523

Affected Products

Driveragent